On a component or asset page in a Maven repository, the "Delete" button is enable even if I have only "nx-repository-view-maven2-myrepo-browse" privilege.
Clicking the button and confirming the deletion leads to a org.apache.shiro.authz.AuthorizationException, but ideally the button should be disabled to make permissions checks easier.
- Make the error message user friendly.
- (The permissions might have changed since the control rendered.)
- Drive the button's state depending on the permissions.
- Since 'delete (single) component' is atomic, we should enable the button only if the transaction will go through.
- Ensure there's a tool tip to explain why it's disabled.